Financial Crime Risk Management (FCRM) Policy

Prepared By: Roshen Ganaspersad, Manager: Financial Crime Risk Management

Reviewed By: Nyeleti Shirilele, Head of Governance/Group Company Secretary

Status: Approved by Board

Date: 23 July 2015


Table of Contents

1. Introduction and Purpose

2. Application of this Policy

3. The Mandate of the FCRM Function

4. FCRM Value Chain and Strategy

5. Monitoring and Oversight

6. Accountabilities and Responsibilities

7. Procedures for Reporting Suspicions of Financial Crime

8. Reporting

9. Amendments to the Policy

10. Policy Administration

1. Introduction and Purpose

The Boards of Directors of Hollard Holdings (Pty) Ltd (“HH”), Hollard Life Assurance Limited (“HLAC”) and The Hollard Insurance Company Limited (“THIC”) and their subsidiaries (hereinafter collectively referred to as the Boards/Companies) are committed to protecting the interests of their policyholders and shareholders and other key stakeholders through operating a sound system of governance and risk management.

The Boards have established an Enterprise Risk Management and Compliance Framework setting out the principles, objectives, and governance structures regarding risk management.

The Enterprise Risk Management and Compliance Framework is focussed on managing a broad range of risks, including financial crime risk as a subset of operational risk which can result in financial loss, operational loss and reputational damage to an organisation. Operational risk is defined as the risk of loss arising from inadequate or failed internal processes, people, and/or systems, or from external events. This definition includes compliance and regulatory risk, but excludes strategic risk. Financial Crime Risk is defined as the risk of loss due to deliberate acts by either employees or external parties with the intention to defraud, misappropriate property or circumvent regulations, the law or company policy and harm the organisation or a third party.

Managing financial crime (including fraud, theft of company assets, cyber-crime, conflicts of interests and bribery and corruption) within the Hollard Group requires a definitive strategy combined with a good value and ethics system. FCRM involves a number of measures which form part of a “layered” approach to mitigating financial crime risk. A best practice FCRM model has four key focus areas, namely, prevention and deterrence, detection, investigations (response), remediation and recoveries, all underpinned by an effective governance model.

The purpose of this policy is to:

• Set the “Tone from the Top” on FCRM with a clear statement from the Boards and Executive Management (“Exco”);

• Outline the principles and strategy on the prevention and deterrence, detection, investigation, remediation and recoveries and governance of financial crime and the effectiveness thereof within the Hollard Group;

• Outline the reporting parameters for financial crime within the Hollard Group and key external Reporting Bodies; and

• Outline the mandate of the FCRM function of the Hollard Group.

This Policy is further supported by a number of policies, standards and other documentation adopted throughout the Group, as well as South African legislation in terms of criminal law and, inter alia, local legislation of the countries in which the Hollard Group operates.

2. Application of this Policy

The requirements set out in this policy apply to Hollard Holdings (Pty) Ltd, Hollard Life Assurance Limited and The Hollard Insurance Company Limited and their subsidiaries (hereinafter collectively referred to as the Hollard Group).

The implementation of this policy will be proportionate to the nature, scale and complexity of each of the various Companies. The principle of proportionality is of particular importance to ensure the consistent application of the policy whilst ensuring a fair and balanced approach to implementation. Proportionality is broadly defined with reference to the following measures:

• Nature: The specific nature of insurance activities including, for example, types of lines of business and the number of lines of business;

• Scale: The size of insurance activities including, for example, gross premium and maximum risk retention;

• Complexity: The complexity of the insurer and its activities including the business and distribution model, governance structures, product design, number of lines of business and special or alternative risk transfer activities.

This Policy applies to all Hollard employees, contractors, partners, vendors and intermediaries, and non-compliance may lead to disciplinary, regulatory, criminal and civil proceedings.

3. The Mandate of the FCRM Function

The FCRM function receives its mandate from the Audit Committee.

The FCRM team provides financial crime risk management solutions to the Hollard Group and its partners by continuously improving their professional service offering in order to mitigate financial crime exposure and to minimise the impacts thereof.

The FCRM team will achieve this by partnering with business and its partners, as a first line of defence, in managing financial crime risks to create a win-win-win situation for Hollard, its partners and its people.

In consultation with the relevant stakeholders, the FCRM team will have:

• Free and unrestricted access to all Hollard Group’s records and premises, whether owned or rented;

• The authority to examine, copy and/or remove all or any portion of the contents of files, desks, cabinets, and other storage facilities on the premises without prior knowledge or consent of any individual who may use or have custody of any such items or facilities if it is within the scope of their investigation.

During the execution of financial crime management activities, the FCRM team shall obtain the necessary assistance from staff and management of the Hollard Group as well as from other specialised services from within and outside the Group, as approved from time to time by the Executive of the FCRM function.

The FCRM team mandate extends to the following financial crime risks (perpetrated either internally or by external parties) against the Hollard Group, but is not limited to:

• Any dishonest or fraudulent act;

• All matters that may have potential staff involvement;

• Misappropriation of funds, securities, supplies, or other assets;

• Impropriety in the handling or reporting of money or financial transactions;

• Profiteering as a result of insider knowledge of company assets;

• Disclosing confidential and proprietary information to outside parties;

• Disclosing to other persons, securities activities engaged in or contemplated by the company;

• Conflict of interest;

• Cyber related crime;

• Destruction, removal, or inappropriate use of records, furniture, fixtures, and equipment;

• Any similar or related irregularity.

Other irregularities concerning an employee’s performance, moral or behavioural conduct should be resolved by the line management or Human Resource (HR) Specialist rather than the FCRM function. The FCRM function may provide support to business on the breach of internal Policies, procedures and standards that poses a risk to the ethical standards of the Hollard Group, upon the discretion of the Manager of the FCRM function or the responsible Executive.

4. FCRM Value Chain and Strategy

The Hollard Group adopts an integrated and holistic approach to FCRM across the FCRM value chain and adopts a “zero tolerance approach” to FCRM.

The following diagram illustrates the core components of Hollard Group’s system of FCRM. The effective operation of all of these components is required in order to meet the principles and objectives set out in the FCRM strategy.

The FCRM value chain focusses on the following:

• Prevention & Deterrence: A measure that is aimed at adopting a proactive approach to managing financial crime risk.

• Detection: Proactively, a measure that assists in the early detection of financial crime through monitoring of transactions or reactively, a measure that focusses on cyber response threats and investigations.

• Investigations: A reactive measure to establish facts relating to a reported incident/allegation and/or anomaly detected through other proactive initiatives.

• Remediation & Recoveries: Proactively, a measure that focusses on process and control inefficiencies or reactively, a measure that focusses on root causes of financial crime that has resulted in the breakdown of controls and consequence management (recovery of losses and action against perpetrators).

The FCRM model is developed on an integrated framework, with clear interdependencies within all specialisation areas within FCRM, supporting the strategic view that “the whole is more than the sum of its individual parts.”

a) Prevention and Deterrence

The key focus areas for financial crime risk prevention and deterrence include:

Financial crime risk awareness and training:

Ongoing awareness and training promotes a culture of good governance and increased vigilance regarding financial crime related risks. Awareness and training initiatives may include Induction for new recruits, general FCRM awareness and policy training, process and control training, Financial Crime Risk Champion training.

Financial crime risk marketing and communications:

Effective marketing and communications support the strategy of FCRM by encouraging vigilance and reporting of financial crime within the Hollard Group.

b) Detection

The key focus areas for financial crime risk detection include:

Financial Crime Data Analytics:

It is critical that the FCRM function have a monitoring process in place to serve as an early detection control, highlighting potential financial crime. Exception reports must be developed on known financial crime scenarios which will highlight “red flags” to assist business to mitigate financial crime risk.

Cyber-crime Response Plan:

As an effective detection strategy, an effective cyber-crime response plan will support threats in the electronic mediums utilised by the Hollard Group.

Financial Crime Risk Database:

A Financial Crime Risk Database places the FCRM function in a position to support business to create a common view of the financial crime landscape, thereby proactively managing financial crime risk.

c) Investigations

The investigations function provides an end-to-end investigation service to business, through the identification and classification of financial crime risk types, in accordance with the approved methodology. Effective investigation outcomes support the consequence management process and minimise losses to the Hollard Group.

d) Remediation and Recoveries

The key focus areas of Remediation and Recoveries include:

Remedial Actions

All control environment remedial actions recommended to business in relation to financial crime risk and all consequence management (disciplinary action, regulatory action, criminal action and civil action) will be tracked, monitored and reported to ensure value add to the Hollard Group.

Financial Crime Risk Assessments and Process and Control Reviews

A risk based approach will be adopted in collaboration with business to assess the prevalent financial crime risks and associated controls. This will be mapped against the Hollard Group’s risk rating matrix or “Heat Map” followed by the completion of a risk register as a value add to business. A root cause analysis will be conducted on financial crime loss events with the objective of improving the control environment.

Recoveries

The FCRM function will provide a recoveries service to business to track that financial crime losses within the Hollard Group are minimised.

5. Monitoring and Oversight

The Hollard Group adopts a collaborative approach, synonymous to a combined assurance model, including Risk management, Compliance, Actuarial Control, Internal Audit and External Audit that collaborate to ensure that it executes independent review activities as a collective. This is to ensure adequate coverage of the high risk areas across the business and place reliance on work already done by assurance providers to avoid duplicating efforts.

The Hollard Group operates a “three lines of defence” risk governance model, which is illustrated in the diagram below:

• 1st Line of Defence: Comprises of business or Management, supported by Legal and is supported for taking and managing risk.

• 2nd Line of Defence: Comprises primarily of Risk Management, Compliance and Actuarial Control functions.

• 3rd Line of Defence: Comprises of Internal and External audit functions.

The FCRM function plays a 1st line of defence role and assists business with the four pillars outlined in section 4 above.

The Hollard Group’s 2nd and 3rd lines of defence provide independent oversight, monitoring and reporting activities. They seek to provide assurance to the Boards on activities and risks undertaken by business.

6. Accountabilities and Responsibilities

The accountabilities and responsibilities for financial crime risk management within the Hollard Group are described in the table below:

| Committee/Function | Accountability | Responsibility |
| --- | --- | --- |
| Social and Ethics Committee | Oversee the setting of the tone at the top as well as defining principles on ethical behaviour. | Provide strategic oversight on the implementation of awareness campaigns that support the tone at the top. |
| Audit Committee | Oversee the implementation and effectiveness of the FCRM strategy in line with the four pillars outlined in 4 above. | Review reports on the status of FCRM, material non-compliance with this policy and ensure that corrective actions are taken. |
| Executive Management (Exco) | Set the tone at the top for the Hollard Group to encourage a culture of integrity, honesty and ethical behaviour; ensure that the FCRM function is adequately resourced and has access to all areas of the business and to ensure that the FCRM mandate is clearly communicated to business areas. | Ensure the effective implementation of this policy and the FCRM strategy with the appropriate delegation of authority to the FCRM function. |

7. Procedures for Reporting Suspicions of Financial Crime

The FCRM function promotes the reporting of financial crime against the Hollard Group.

The Hollard Group subscribes to the Protected Disclosures Act (Act 26 of 2000), that encourages employees to report all suspicions of financial crime to their employer. All whistle-blowing reports are treated as either confidential or anonymous.

Confidential whistleblowing occurs when a whistle blower may choose to reveal his/her identity when making a disclosure. The Hollard Group will respect and protect the confidentiality of the whistle blower and provides assurance that their identity will not be disclosed to any third party. The only exception to this assurance is if the Hollard Group is ordered by a Court of Law to reveal confidential information relating to a whistleblowing report.

Whistleblowing reports may also be made anonymously, whereby the whistle blower may choose not to reveal their identity when making a disclosure. A whistleblowing hotline has been established to report suspicions of financial crime. The hotline is managed by an independent third party.

Any employee, contractor, partner, vendor or intermediary who has a reasonable suspicion that financial crime is committed against the Hollard Group has an obligation to report the matter, using the reporting mechanisms in place. Confidential reports may be made directly to the FCRM function. All reports must be made without malice and in good faith. In cases where malicious disclosures are made, disciplinary action may be taken against internal parties or legal action may be taken by the affected party. Staff are obligated to report any financial crime risks to FCRM and failure to do so may result in a disciplinary enquiry.

8. Reporting

a) Internal

The Manager of FCRM shall report on financial crime risks, compliance with this policy and any other related issues to the Social and Ethics Committee and/or Audit Committee or any other Governance Body.

b) External

The Manager of FCRM shall report on financial crime risks to external industry and regulatory bodies, including, but not limited to the South African Insurance Crime Bureau (SAICB), South African Insurance Association (SAIA), Association of Savings and Investments South Africa (ASISA), South African Police Services (SAPS) and Financial Services Board (FSB).

All reporting in terms of the Financial Intelligence Centre Act (Act 38 of 2001) and Prevention and Combatting of Corrupt Activities Act (Act 12 of 2004) will be the responsibility of the FCRM function. It will be the responsibility of business unit managers and/or risk/forensic functions in business to ensure that all reporting as required per legislation is referred to the FCRM function.

9. Amendments to the Policy:

Any material amendments to the governance framework that shall affect its nature will be approved by the Boards. All other amendments shall be approved by the Head of Governance/Group Company Secretary.

10. Policy Administration:

Contact Person:

Nyeleti Shirilele, Head of Governance and Group Company Secretary

Roshen Ganaspersad, Manager of Financial Crime Risk Management (FCRM)

Version Information:

| Policy Name | Version | Approval Date |
| --- | --- | --- |
| Financial Crime Risk Management (FCRM) Policy | 1 | 23 July 2015 |

Review:

| Frequency of Review | Date of Next Review | Date of Last Review |
| --- | --- | --- |
| Every two years or as required | July 2017 | 23 July 2015 |